L. Jean Camp is a Professor at the Indiana University School of Informatics and Computing. Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security. They close out their discussion with the most surprising hangover cure and Jean’s favorite album of 2014.

L. Jean Camp
L. Jean Camp (Wikipedia)
L. Jean Camp Google Scholar Citations
The End of Privacy, Science Magazine
Pompeii soundtrack
Show 106 – An Interview with Steve Katz
http://www.cigital.com/silver-bullet/show-106/
Sat, 31 Jan 2015 22:43:28 +0000

Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.” Gary and Steve discuss the history and evolution of the CISO position, the difficulty of measuring risk in a realistic fashion, how to allocate resources between proactive security engineering and standard network security, triage, and incident response, what it means to be an executive, and the FS-ISAC.

Security Risk Solutions
Steve Katz as banking executive
FS-ISAC
The Patient will see you
The History of Public Key Cryptography with Whitfield Diffie
http://www.cigital.com/silver-bullet/show-105/
Wed, 31 Dec 2014 20:55:49 +0000

On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography. Gary and Whitfield discuss the history of public key cryptography, Diffie’s work on the “proof of correctness of programs,” and if backdoors into crypto systems are a bad idea. They close out by discussing art.

Whitfield Diffie
Whitfield Diffie (Wikipedia)
New Directions in Cryptography (1976) [PDF]
Show 104 – An Interview with Rick Gordon
http://www.cigital.com/silver-bullet/show-104/
Sun, 30 Nov 2014 16:01:45 +0000

On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37. Gary and Rick discuss Rick’s time in the Navy and what it taught him about security, Rick’s lessons learned from his time as CEO of Tovaris, whether the government outside of DARPA understands security engineering, and the drive behind MACH37 the company… and the name. They close out by discussing if Rick is teaching his children to wrestle.

Rick on Twitter
MACH37
Show 103 – An Interview with Brian Krebs
http://www.cigital.com/silver-bullet/show-103/
Fri, 31 Oct 2014 13:15:51 +0000

On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security. Gary and Brian discuss how growing up with a computer affected their future careers in security, MUD vs MAD, why “old media” can’t support in-depth security reporting, and why the government continues to be five years behind the security curve. They close out talking about Brian’s experience of writing Spam Nation.

Krebs on Security
Brian on Twitter
Reporting From the Web’s Underbelly, The New York Times
Silver Bullet Security Podcast 102: Richard Danzig
Spam Nation
Show 102 – An Interview with Richard Danzig
http://www.cigital.com/silver-bullet/show-102/
Wed, 17 Sep 2014 13:15:58 +0000

On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for a New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what he learned when running the US Navy that can be applied to computer security, Richard’s recommendations from his important new CNAS report, and how the report is designed to have an impact on policy. They close out their chat with a high-brow art discussion.

Richard on Wikipedia
Richard @ navy.mil
Richard @ CNAS
National Service: What Would It Mean? by Richard Danzig
Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies by Richard Danzig
Silver Bullet Security Podcast Show 002: Dan Geer
Silver Bullet Security Podcast Show 007: John Stewart
Jacopo Robusti, called Tintoretto. Crucifixion. 1565.
Software Security with the Founders of the Center for Secure Design
http://www.cigital.com/silver-bullet/show-101/
Tue, 26 Aug 2014 13:35:32 +0000

On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design. The participants discuss the origin of the Center, why design flaws are more difficult to fix than implementation bugs, design flaws in automobile design, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.

Center for Secure Design
Silver Bullet 93 – An Interview with Yoshi Kohno
Silver Bullet 99 – An Interview with Michael Hicks
Silver Bullet 100 – A Roundtable with Cigital’s Principals
Software [in]security — software flaws in application architecture
Software [in]security and scaling architecture risk analysis
Software Security
The State of Software Security with Cigital’s Principals
http://www.cigital.com/silver-bullet/show-100/
Wed, 23 Jul 2014 13:30:31 +0000

After 100 months in a row (over 8 years), the Silver Bullet Security Podcast with Gary McGraw hits its landmark 100th episode. In this episode Gary talks live on video with Cigital’s Principals: John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how it has evolved (or has it?) over the last decade. They talk frameworks and code analysis, mobile security, software security in Europe, the forthcoming IEEE Center for Secure Design, and BSIMM. Finally we get to find out who thinks we’re making progress and who doesn’t.

Cigital
BSIMM
Cigital on YouTube
Cigital’s Principals
Gary McGraw
Paco Hope
Show 056 – An Interview with Sammy Migues
Show 068 – An Interview with John Steven
Show 085 – A Discussion with Jim Routh and Scott Matsumoto
The PLDI and Software Security with Michael Hicks
http://www.cigital.com/silver-bullet/show-099/
Tue, 01 Jul 2014 00:28:22 +0000

On the 99th episode of the Silver Bullet Security Podcast, Gary talks with Michael Hicks, professor of Computer Science at the University of Maryland. In this episode, they discuss the Programming Language Design and Implementation (PLDI) conference, type safety, closure, dynamic languages, why C is problematic, and how JavaScript is dangerous. They go on to discuss the role that cryptography plays in security, how ideas from Scrum influence the way Michael runs his research group, CMSC 838G (that is, “Software Security”), and the Build-it, Break-it, Fix-it Programming Contest. They close out their discussion with talk about drums and drumming.

Michael Hicks
PLDI 2014
On-line patching & security
CMSC 838G
Build-it, Break-it, Fix-it Programming Contest
Michael @ Programming Languages Enthusiast
Ludwig Drums
Silver Bullet Security Podcast: Greg Morrisett
The Hype behind Heartbleed with Bart Miller
http://www.cigital.com/silver-bullet/show-098/
Fri, 30 May 2014 05:22:44 +0000

On the 98th episode of the Silver Bullet Security Podcast, Gary chats with Bart Miller, Professor of Computer Science at the University of Wisconsin-Madison and Chief Scientist of the DHS Software Assurance Marketplace Research Facility. Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of binaries, and the SWAMP project. They close out their talk by deciding: SCUBA or skiing?

Professor Barton P. Miller
Why Do Software Assurance Tools Have Problems Finding Bugs Like Heartbleed? (James A. Kupsch and Barton P. Miller)
On Detecting Heartbleed with Static Analysis
McGraw on Heartbleed shock and awe: What are the real lessons?
Fuzz Testing
Paradyn/Dyninst papers
Dyninst
Software Fault Injection
Charlie Miller on Silver Bullet
BSIMM
Software Assurance Marketplace (SWAMP)
Zuse
The Development Side of Software Security with Aaron Bedra
http://www.cigital.com/silver-bullet/show-097/
Thu, 01 May 2014 02:30:38 +0000

On the 97th episode of the Silver Bullet Security Podcast, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type safety and closure in programming, and the most recent non-fiction book that Aaron’s read.

AaronBedra.com
Aaron at LinkedIn
Aaron at Github
@abedra at Twitter
Aaron at Google+
Aaron Bedra – clojure.web/with-security
Closure in programming languages
Dynamic languages
Show 096 – An Interview with Nate Fick
http://www.cigital.com/silver-bullet/show-096/
Tue, 01 Apr 2014 01:00:39 +0000

On the 96th episode of the Silver Bullet Security Podcast, Gary talks with Nate Fick, CEO of Endgame. Gary and Nate discuss the use of the term “cyber war” from the perspective of an ex-Marine, Nate’s time at the Center for a New American Security, the Estonia DDOS attack, and how Nate has turned around the perception of End Game. They close out their chat with some Leukemia cup smack talking.

Nathaniel Fick @ Endgame
Nathaniel Fick @ CNAS
One Bullet Away
Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011, PDF).
Nathaniel Fick @ Poetry Foundation
Show 095 – An Interview with Charlie Miller
http://www.cigital.com/silver-bullet/show-095/
Tue, 25 Feb 2014 02:12:07 +0000

On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days. They close out their chat with Charlie’s official car hacking soundtrack.

On the 94th episode of the Silver Bullet Security Podcast, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals. They also talk about what developers currently think of software security, what would make developers more likely to take security seriously, how Ming uses games to teach security to his students. They close out their chat with talk of obscure and not-so-obscure music.

Ming Chow
Falling Into You
Ming on Github
Ming on Twitter
Exploiting Online Games
Securing Online Games (jointly authored) [PDF]
Show 093 – An Interview with Yoshi Kohno
http://www.cigital.com/silver-bullet/show-093/
Tue, 24 Dec 2013 18:34:12 +0000

On the 93rd episode of the Silver Bullet Security Podcast, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington. Gary and Yoshi discuss how much academic security research impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand the privacy implications of popular products’ security designs. They close out their discussion with a McGraw family secret about The Night Before Christmas.

Tadayoshi Kohno (Yoshi Kohno) at the University of Washington
@yoshi_kohno
Profile: Tadayoshi Kohno, NOVA scienceNOW
Here’s the scariest part about the Internet of Things, Washington Post
DeadDrop/Strongbox Security Assessment [pdf]
Java Card Security: How Smart Cards and Java Mix, from Securing Java
The Early Days of Computing with Jon Callas
http://www.cigital.com/silver-bullet/show-092-interview-jon-callas/
Wed, 27 Nov 2013 15:34:44 +0000

On the 92nd episode of the Silver Bullet Security Podcast, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work (rock on). Is that YOUR computer? They also chat briefly about software security and reality. Jon and Gary close out their discussion with some book talk.

ARPANET
Applied Cryptography by Bruce Schneier
Lavabit
Silent Circle
BSIMM-V
Dandelion Wine
A Breakdown of the BSIMM-V with Caroline Wong
http://www.cigital.com/silver-bullet/show-091/
Wed, 30 Oct 2013 04:43:10 +0000

On the 91st episode of the Silver Bullet Security Podcast, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science. They close out their discussion with talk of adult libations.

Security Metrics: A Beginner’s Guide
Executive Women’s Forum
Cyber Security School Challenge
BSIMM-V
Cryptography Compared with Matthew Green
http://www.cigital.com/silver-bullet/show-090/
Tue, 01 Oct 2013 02:39:00 +0000

On the 90th episode of the Silver Bullet Security Podcast, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator. Gary ends by asking Matthew the same question he asked Avi Rubin back on the first episode.

Matthew D. Green
A Few Thoughts on Cryptographic Engineering (Matthew’s blog)
On the NSA
RSA warns developers not to use RSA products
Software [in]security — software flaws in application architecture (September 10, 2013)
Silver Bullet 001: Avi Rubin
Read a transcript of this episode of the Silver Bullet Security Podcast
Academic vs. Corporate Research with Michael Reiter
http://www.cigital.com/silver-bullet/show-089/
Sun, 01 Sep 2013 00:07:18 +0000

On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security. They close out their discussion with some talk about mixed martial arts.

Mike Reiter
McGraw on technology transfer: Technology Transfer: A Software Security Marketplace Case Study (IEEE Software, September/October 2011)
McGraw on lessons learned when a startup eats your life: Startup Lessons (October 22, 2009)
UNC Computer Science
The FindBugs static analysis tool
Women in Technology
Mike’s Ph.D. Students
TC Boyle’s fiction
Attiya and Welch on Distributed Systems
Teaching Security Globally with Christian Collberg
http://www.cigital.com/silver-bullet/show-088/
Wed, 31 Jul 2013 20:02:18 +0000

On the 88th episode of the Silver Bullet Security Podcast, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker. They close out their talk with discussion of travel on planet Earth.

Christian Collberg
Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Is “Software Protection” Software Security?
AWL Software Security Security Series (edited by Gary McGraw)
China Forces down US Spy Plane (2001)
Exploiting Software (thinking like an attacker)
The Undecidables
Progression of Software Security with James Walden
http://www.cigital.com/silver-bullet/show-087/
Published: Sun, 30 Jun 2013 20:16:24 +0000

On the 87th episode of the Silver Bullet Security Podcast, Gary chats with James Walden, Ph.D., Associate Professor of Computer Science at Northern Kentucky University. Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.

James Walden, Ph.D.
NKU
Software Security
BSIMM
Daft Punk
The National
Cat Power
Dream Theater
Technical Culture across the Pacific with Wenyuan Xu
http://www.cigital.com/silver-bullet/show-086/
Published: Fri, 31 May 2013 12:32:22 +0000

On the 86th episode of the Silver Bullet Security Podcast, Gary chats with Wenyuan Xu, Associate Professor in the Department of Computer Science and Engineering at the University of South Carolina. Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science. They close out the episode with a discussion of tailgating.

Wenyuan Xu
Car tires contain technology making you vulnerable
Security and Privacy Vulnerabilities of In-Car Wireless Networks
Another Reason for “Smart” Electric Meters
Pacemakers Could Be Hacked, Researchers Claim, But Not Easily
Barbie I Can Be Computer Engineer Barbie Doll
Show 085 – A Discussion with Jim Routh and Scott Matsumoto
http://www.cigital.com/silver-bullet/show-085/
Published: Tue, 30 Apr 2013 16:00:29 +0000

The 85th episode of the Silver Bullet Security Podcast is a double whammy. Gary talks mobile security with two guests: Jim Routh, former global head of application security at JP Morgan Chase (and newly-appointed CSO), and Scott Matsumoto, Principal Consultant and head of the mobile security practice at Cigital. All three discuss the challenges of mobile security and how these challenges are exactly the same as, and utterly different from, software security concerns from across the years. They discuss the use of new technologies, including accelerometers, in enhancing security (or compromising privacy), and the effect that massive phone rooting has on security. Is mobile security the same old same old or a brand new day? Listen to this podcast and find out for yourself.

Trusted Computing and Computational Liberty
John Steven on Mobile Security
Securing Java (dancing pigs and native code risk)
Exploiting Online Games
Trusted on Busted
Learning Science in the Country with Hord Tipton
http://www.cigital.com/silver-bullet/show-084/
Published: Mon, 01 Apr 2013 00:00:58 +0000

On the 84th episode of the Silver Bullet Security Podcast, Gary chats with W. Hord Tipton, Executive Director of (ISC)2. Gary and Hord discuss how one gets into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification can help advance software security, and the benefits of teaching software security to kids.

(ISC)2
(ISC)2 management team
The World Is Flat 3.0: A Brief History of the Twenty-first Century by Thomas L. Friedman
Show 083 – An Interview with Mark Graff
http://www.cigital.com/silver-bullet/show-083/
Published: Thu, 28 Feb 2013 19:02:51 +0000

On the 83rd episode of the Silver Bullet Security Podcast, Gary talks with Mark Graff, CISO at NASDAQ OMX. Gary and Mark discuss what exactly a CISO does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts. They close out their conversation with talk about Mark’s favorite poem from the mid-19th century (and yet it still has a software security connection!).

NASDAQ OMX
Lawrence Livermore National Laboratory
Congressional testimony (video)
Secure Coding: Principles and Practices
BSIMM
Video from LLNL
Fermi problem
Cyber War and Active Defense
Dover Beach (poem)
Show 082 – An Interview with Kevin Fu
http://www.cigital.com/silver-bullet/show-082/
Published: Fri, 18 Jan 2013 20:40:06 +0000

On the 82nd episode of the Silver Bullet Security Podcast, Gary talks with Kevin Fu, Associate Professor in the EECS Department at the University of Michigan. Gary and Kevin discuss finding advisors and picking a grad school, the security implications of embedded medical devices, malware in hospital systems, the consumer trend toward analyzing one’s own health data, and the difficulty of teaching design analysis to other humans. They close out the episode discussing lobster bisque.

Kevin Fu and Grant Schoenebeck Join the Faculty of CSE @ Michigan
The Bob and Betty Beyster Bubbler
Medical Device Security Center blog
Health-care sector vulnerable to hackers, researchers say, Washington Post.
FDA Software Patch Poster
Hugo Campos fights to get his defibrillator data
Show 081 – An Interview with Steve Bellovin
http://www.cigital.com/silver-bullet/show-081/
Published: Wed, 26 Dec 2012 13:01:48 +0000

On the 81st episode of the Silver Bullet Security Podcast, Gary talks with Steve Bellovin, Professor of Computer Science at Columbia University, currently on leave and acting as CTO of the Federal Trade Commission. Gary and Steve discuss how often academic research finds its way into the real world versus research that’s done in a commercial lab, how code has gotten better overall but how the threat model has changed, whether mobile security is just a repackaging of the same security problem we’ve been dealing with for years, the state of computer security in the government, the very first days of Usenet, and the famed Evil Bit.

Steven M. Bellovin
Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin
Encrypted Key Exchange
Technology Transfer: A Software Security Marketplace Case Study (IEEE Software, September/October 2011) [PDF]
TSA Pre
Twitter and the FTC
Usenet
nn
The Evil Bit RFC
Permissive Action Link
Steve drives a train
Show 080 – An Interview with Thomas Rid
http://www.cigital.com/silver-bullet/show-080/
Published: Fri, 30 Nov 2012 17:16:55 +0000

On the 80th episode of the Silver Bullet Security Podcast, Gary talks with Thomas Rid, Reader in War Studies at King’s College London and a non-resident fellow at the Center for Transatlantic Relations in the School for Advanced International Studies, Johns Hopkins University, in Washington, DC. In this episode, Gary and Thomas discuss how Thomas’ life as a “wandering academic” influences his work at the War Studies Department, the inevitability (or otherwise) of cyber-war, attribution, and military dictionaries and the problem of jargon. They close out their chat talking about the Barbican cultural center.

Thomas Rid
Cyber War Will Not Take Place
Proactive defense prudent alternative to cyberwarfare, SearchSecurity.com.
Barbican
Show 079 – An Interview with Per-Olof Persson
http://www.cigital.com/silver-bullet/show-079/
Published: Wed, 24 Oct 2012 20:42:48 +0000

On the 79th episode of the Silver Bullet Security Podcast, Gary talks with Per-Olof Persson (a.k.a. Peo), head of Global Software Security Operations at Sony Mobile and Board member of Sony Corporation. Gary and Per-Olof discuss the importance of working different positions within the same company, Sony Mobile’s software security initiative, the political concerns of software security, and the cultural challenges of working with international teams. They close out the show with a discussion of American Presidential politics.

Transcript of this episode [PDF]
Sony Mobile
BSIMM4
Show 078 – An Interview with Jacob West
http://www.cigital.com/silver-bullet/show-078/
Published: Sun, 30 Sep 2012 20:12:38 +0000

On the 78th episode of the Silver Bullet Security Podcast, Gary talks with Jacob West, Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard and newly minted CTO. Gary and Jacob discuss HP’s acquisition of Fortify, the technical trade-offs that have to be made to allow a tool to become widely adopted, BSIMM4, and mobile security. They close out their discussion covering the impossibility of growing good tomatoes in San Francisco.

BSIMM4
Fortify acquired by HP
MOPS
On using data to drive a scientific model – Cargo Cult Computer Security (January 28, 2010)
BSIMM Community
Show 077 – An Interview with Gary Warzala
http://www.cigital.com/silver-bullet/show-077/
Published: Tue, 28 Aug 2012 17:05:40 +0000

On the 77th episode of the Silver Bullet Security Podcast, Gary talks with Gary Warzala, CISO of Visa International. The Garys discuss what a CISO’s day-to-day job looks like, how companies can attract and retain good security employees, whether consumers need to understand the difference between software security and security software, and how one can measure security and discuss the results with upper management.

Congress should encourage bug fixes, reward secure systems
Verizon 2012 Data Breach Investigations Report [PDF]
The Debt Bomb
Show 076 – An Interview with David Evans
http://www.cigital.com/silver-bullet/show-076/
Published: Fri, 27 Jul 2012 18:10:03 +0000

On the 76th episode of the Silver Bullet Security Podcast, Gary chats with David Evans, Associate Professor of Computer Science at the University of Virginia. Gary and Dave discuss the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer Science and Computer Security is a good idea, why data privacy gets short shrift in the United States, why people think (for no apparent reason) that their mobile devices are secure, groceries, David’s research on Secure Computation, and the Udacity project. They close out their discussion with a story about David’s trip to the World Cup in Korea and a choice between GEB and Scheme.

David Evans
Jefferson’s Wheel, David’s blog
Interdisciplinary Major in Computer Science
Udacity
Research Without Walls
GEB
Scheme
World Cup Korea
Show 075 – An Interview with Howard Schmidt
http://www.cigital.com/silver-bullet/show-075/
Published: Sat, 30 Jun 2012 17:00:33 +0000

On the landmark 75th episode of Silver Bullet, Gary talks with Howard Schmidt, former Cybersecurity Coordinator for the Obama administration. In this episode, Gary and Howard discuss the differences between doing security work in the public and private sectors, the difficulties of establishing cybersecurity in the government (especially when it comes to software security), the government’s involvement in cyberespionage, and how the actions of Anonymous and Wikileaks square with the notion of free speech. They close the episode out with talk about Harleys.

This special edition of Silver Bullet was also captured on video. View the video below (for those on feed readers, go to this episode’s page for the video):

Howard Schmidt (Wikipedia)
U.S. cybersecurity chief Howard Schmidt retiring
White House cyber security coordinator Howard Schmidt joins Qualys
Show 074 – An Interview with Bruce Schneier
http://www.cigital.com/silver-bullet/show-074/
Published: Wed, 30 May 2012 17:54:27 +0000

On the 74th episode of The Silver Bullet Security Podcast, Gary talks for a second time with Bruce Schneier. They revisit Bruce’s prediction in episode 9 that insight into economics and security would help vendors sell their products more efficiently. In addition, they discuss Bruce’s new book Liars and Outliers: Enabling the Trust that Society Needs to Thrive, how far behind the government is in terms of security, cloud computing, and Uncle Milton’s ant farm.

Bruce Schneier
Applied Cryptography
Liars and Outliers
Silver Bullet Security Podcast, show 009 (December 2006) – Gary’s first chat with Bruce Schneier
US cyber czar Howard Schmidt resigns
Workshop on Economics and Information Security
Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).
Prisoner’s Dilemma (Axelrod)
Uncle Milton’s Ant Farm
The Ugly Sweater Store
Vintage Spirits and Forgotten Cocktails: From the Alamagoozlum to the Zombie 100 Rediscovered Recipes and the Stories Behind Them – Mixology
Show 073 – An Interview with Robert Vamosi
http://www.cigital.com/silver-bullet/show-073/
Published: Mon, 30 Apr 2012 13:00:46 +0000

On the 73rd episode of The Silver Bullet Security Podcast, Gary talks with Robert Vamosi, senior analyst with Mocana, freelance security reporter, and author of When Gadgets Betray Us. Gary and Robert discuss whether we’re doomed to idiocy as a species thanks to gadget dependency, and why designers ignore security and privacy issues in gadget design. Finally, Gary and Robert discuss Robert’s use of the word “betray.”

Robert Vamosi
When Gadgets Betray Us
Gary on Stuxnet
With Or Without You
Show 072 – An Interview with Randy Sabett
http://www.cigital.com/silver-bullet/show-072/
Published: Fri, 30 Mar 2012 18:32:06 +0000

On the 72nd episode of The Silver Bullet Security Podcast, Gary talks with Randy Sabett, a lawyer with the ZwillGen cyber-law firm in Washington, DC. Gary and Randy discuss Microsoft’s Zeus Botnet raid, alleged AT&T/NSA wiretapping, whether cyberlaw is full of loopholes, and whether security always trades off against privacy and anonymity. They close out their discussion with the book Randy is currently reading.

Randy V. Sabett
Microsoft and Financial Services Industry Leaders Target Cybercriminal Operations from Zeus Botnets, The Official Microsoft Blog.
Microsoft Raids Tackle Internet Crime, The New York Times.
Court Upholds 5th Amendment-based Refusal to Decrypt Hard Drive
Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).
The Cuckoo’s Egg by Clifford Stoll
Fram oil filter commercial
Is time running out on the billable hour?
The Singularity is Near by Ray Kurzweil
Show 071 – An Interview with Bill Arbaugh
http://www.cigital.com/silver-bullet/show-071/
Wed, 29 Feb 2012 15:45:18 +0000

On the 71st episode of The Silver Bullet Security Podcast, Gary talks with Bill Arbaugh, Associate Professor of Computer Science at University of Maryland. Gary and Bill discuss how malware has evolved and changed over the last decade and how it’s affected software security practices, BIOS-based attacks, academia vs. startup, and why the NSA doesn’t play defense when it comes to cybersecurity.

Bill Arbaugh @ UMD
Microsoft Acquires Komoku
Silver Bullet: Ross Anderson, show 13, show 70
International Capture the Flag
Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).
Show 070 – An Interview with Ross Anderson
http://www.cigital.com/silver-bullet/show-070/
Tue, 31 Jan 2012 21:05:03 +0000

The 70th episode of The Silver Bullet Security Podcast is our first repeat performance. Gary chats a second time with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Ross was previously a guest on episode 13, which makes him our first return guest. Gary and Ross discuss the latest developments in Trusted Computing, the iterated “Prisoner’s Dilemma” as an economic model and its relevance to computer security, information compartmentalization and Wikileaks, time and security, cyberwar versus cybercrime, and Stuxnet.

Silver Bullet Show 013: Ross Anderson
Transcript of episode 13 [PDF]
Ross Anderson
Trusted Computing FAQ
Security Engineering – Ross’ groundbreaking book in print and online
Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).
Show 069 – An Interview with Steve Myers
http://www.cigital.com/silver-bullet/show-069/
Thu, 29 Dec 2011 15:01:37 +0000

On the 69th episode of The Silver Bullet Security Podcast, Gary talks with Steve Myers, Assistant Professor of Informatics and Computing in the School of Informatics at Indiana University and a member of the Center for Applied Cybersecurity. During this show, Gary and Steve discuss the gap between “real world” computer security and “academic” computer security, the problem of cryptography, whether it’s OK to use “the NASCAR effect” to draw students into security, and spear phishing.

Steve Myers
Center for Applied Cybersecurity
The SEED Project (Developing Instructional Laboratories for Computer SEcurity EDucation)
Why Mobile to Mobile Malware Won’t Cause a Storm [PDF], paper for USENIX ’11, with Nathaniel Husted
Patrick Traynor
Silver Bullet Show 020: An Interview with Markus Jakobsson
Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, edited by Steve Myers and Markus Jakobsson
“Spear phishing”
Spirit of the West
Show 068 – An Interview with John Steven
http://www.cigital.com/silver-bullet/show-068/
Wed, 30 Nov 2011 16:50:00 +0000

On the 68th episode of The Silver Bullet Security Podcast, Gary is joined in the studio by John Steven, internal CTO at Cigital. Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools. They close out the show discussing mixology.

John Steven @ Justice League blog
OWASP NoVA
Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal), InformIT.
Moving to Mobile – New Threats, Justice League blog.
Threat Modeling – Vocabulary, Justice League blog.
BSIMM
“The Liberal”
“The Old Fashioned”
Silver Bullet: Elinor Mills
Show 067 – An Interview with Bill Pugh
http://www.cigital.com/silver-bullet/show-067/
Fri, 28 Oct 2011 17:55:17 +0000

On the 67th episode of The Silver Bullet Security Podcast, Gary talks with Bill Pugh, professor at the University of Maryland College Park. Gary and Bill discuss the Marmoset and FindBugs projects, how to teach kids to code, and whether coding is an innate ability or something that can be taught. They also geek out over Bill’s favorite programming languages for coding and for teaching coding, and discuss the relationship between coding and fire eating.

Bill Pugh
Marmoset
Dilbert minivan strip
Find Bugs
David Hovemeyer
Find Bugs t-shirt
Cliff Click
UMD: Fall 2011 CMSC 433 – Programming Language Technologies and Paradigms
Show 066 – An Interview with Shari Lawrence Pfleeger
http://www.cigital.com/silver-bullet/show-066/
Thu, 29 Sep 2011 18:44:32 +0000

On the 66th episode of The Silver Bullet Security Podcast, Gary chats with Shari Lawrence Pfleeger, Director of Research for the Institute for Information Infrastructure Protection at Dartmouth College. Gary and Shari discuss the difference between safety-critical software and security-critical software, why measuring software is hard (security notwithstanding), how to speed up tech transfer, and why there are so few women in computer science.

Shari Lawrence Pfleeger
Software Engineering: Theory and Practice, 4th edition
Many media types live in the land of Twitter, but most regular people don’t by Monica Hesse in the Washington Post
My Blackberry’s Not Working!, The One Ronnie
The Hours by Michael Cunningham
Show 065 – An Interview with Giovanni Vigna
http://www.cigital.com/silver-bullet/show-065/
Mon, 29 Aug 2011 14:49:54 +0000

On the 65th episode of The Silver Bullet Security Podcast, Gary is joined by Giovanni Vigna, professor of Computer Science at UC Santa Barbara. They discuss DEFCON’s classic Capture the Flag contest as well as UCSB’s international version. They ponder how the notion of “build security in” might be integrated into a CTF-type contest. Gary and Giovanni also talk about Giovanni’s favorite course to teach, the challenge of communicating security issues with non-technical people, and the role of blackbox testing in security. They close out the show discussing how to teach a toddler to pick locks.

Giovanni at UCSB
International Capture the Flag
Building Versus Breaking: A White Hat goes to Blackhat
Show 064 – An Interview with Markus Schumacher
http://www.cigital.com/silver-bullet/show-064/
Fri, 29 Jul 2011 17:42:21 +0000

On the 64th episode of The Silver Bullet Security Podcast, Gary chats with Markus Schumacher, co-founder and CEO of Virtual Forge. Gary and Markus discuss the difference between working for a large corporation and a startup, why Virtual Forge built a code scanning tool for SAP’s ABAP code, whether security people understand the notion of security patterns, and Markus’ favorite beverage in Heidelberg.

Virtual Forge
Security Patterns, the site
Security Patterns, the book
Technology Transfer: A Software Security Marketplace Case Study, (IEEE Software, September/October 2011)
Print Media Lounge
Recipe for a Liberal (the drink)
Out of Damage, Markus’ band
Show 063 – An Interview with Craig Miller
http://www.cigital.com/silver-bullet/show-063/
Tue, 28 Jun 2011 14:25:23 +0000

On the 63rd episode of The Silver Bullet Security Podcast, Gary talks with Craig Miller, principal at the MAPA Group. Gary and Craig discuss entrepreneurship, the pluses and minuses of working for start-ups and very large corporations, smart grid security, and working with NRECA. They close out the show discussing movies and books.

Dr. Craig Miller
MAPA Group
SAIC
Smart grid
NRECA
NERC
Continuous improvement
On the Waterfront
Moby Dick
Show 062 – An Interview with Halvar Flake
http://www.cigital.com/silver-bullet/show-062/
Tue, 31 May 2011 15:05:00 +0000

On the 62nd episode of The Silver Bullet Security Podcast, Gary chats with Halvar Flake (a.k.a. Thomas Dullien), founder of the reverse engineering consultancy Zynamics, which was recently purchased by Google. Gary and Halvar discuss the acquisition, Zynamics’ product BinDiff, whether the “bad guys” are using code understanding tools (including decompilers) better than developers, static versus dynamic analysis, international politics meets computer security, and the growing complexity of malware. They close out with a discussion of music.

On the 61st episode of The Silver Bullet Security Podcast, Gary talks with Carl Landwehr, Director of Trustworthy Computing at the National Science Foundation and a Senior Research Scientist at the Institute for Systems Research within the University of Maryland. Gary and Carl discuss the most important changes in information security that have developed over the course of Carl’s career, the academic perspective of the state of commercial computer security, how to balance security and privacy, and the reason behind the leaking of government documents to Wikileaks. They close out the episode discussing books.

National Science Foundation
Silver Bullet #46: David Rice
Show 060 – An Interview with Neil Daswani
http://www.cigital.com/silver-bullet/show-060/
Wed, 30 Mar 2011 15:51:23 +0000

On the 60th episode of The Silver Bullet Security Podcast, which also marks the show’s fifth anniversary, Gary talks with Neil Daswani, CTO and co-founder of Dasient. Gary and Neil discuss Neil’s previous work at Google and how the “start-up like” atmosphere at Google compares with an actual start-up. They also discuss bad ads (aka malvertising), Clickbot.A, the software security related emphasis on testing at Google, and sushi in San Jose.

On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications. Langner Communications is a German company specializing in control systems security. Ralph was the first to determine that Stuxnet is a directed cybersecurity attack against the kinds of Siemens control systems used to control nuclear centrifuges in Iran. Gary and Ralph discuss what’s involved in introducing the concept of cybersecurity to control systems engineers, how anti-virus vendors originally responded to Stuxnet, as well as plenty of detailed technical info about the worm with an emphasis on its payload.

Langner Communications
Stuxnet
Software [In]security: How to p0wn a Control System with Stuxnet
Software [In]security: Cyber Warmongering and Influence Peddling
Israeli Test on Worm Called Crucial in Iran Nuclear Delay (New York Times)
New video: Dr. Gary McGraw chats with Dr. Carl Landwehr
http://www.cigital.com/silver-bullet/new-video-dr-gary-mcgraw-chats-with-dr-carl-landwehr/
Wed, 16 Feb 2011 21:29:14 +0000

Silver Bullet is producing a series of short videos featuring members of the IEEE Security & Privacy magazine editorial board. Our first video features outgoing Editor in Chief Carl Landwehr.

On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department. Gary and John discuss whether Wikileaks is a terrorist organization, if the use of a cyber-weapon like Stuxnet can be a morally justified act, and the implications of computational nanotechnology on cybersecurity.

Transcript of this episode [PDF]
John Savage at Brown University
Jefferson Science Fellow: Dr. John Savage
International Telecommunication Union
Silver Bullet #49: Ivan Arce
The Girl with the Dragon Tattoo
Homomorphic Encryption
Show 057 – An Interview with Elinor Mills
http://www.cigital.com/silver-bullet/show-057/
Thu, 23 Dec 2010 19:10:09 +0000

On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com. At CNET, Elinor covers Internet technology and security. Gary and Elinor discuss how writing about technology for news organizations has changed over the last 20 years, how technology adoption in Portugal differs from the States, WikiLeaks and the First Amendment, avoiding FUD when covering a breaking news story about security, and Burning Man. They close the episode with a brief discussion of Elinor’s favorite books.

Transcript of this episode [pdf]
Elinor at CNET
Insecurity Complex – Elinor’s blog
Elinor on Twitter
Drama in the Desert: Sights and Sounds of Burning Man / Raised Barn Press
Demilitarizing cybersecurity (Q&A)
How to p0wn a Control System with Stuxnet
Intellus
Reputation Defender
Eating Animals
The Corrections
Show 056 – An Interview with Sammy Migues
http://www.cigital.com/silver-bullet/show-056/
Tue, 30 Nov 2010 17:32:05 +0000

On the 56th Silver Bullet Security Podcast, Gary sits down with Sammy Migues, Principal and Director of Knowledge Management at Cigital. Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade,” and the BSIMM. They close out the show by discussing bourbon. As a bonus, Sammy may be the first person ever to use the phrase “flips my bogometer” on a podcast.

Sammy on Justice League
At the NRECA conference – Sammy’s blog post (with video) about his NRECA talk.
BSIMM Community Conference
BSIMM
Trusted Computer System Evaluation Criteria – aka “The Orange Book”
“The Antique Collection” bourbon
Show 055 – An Interview with Deborah Frincke
http://www.cigital.com/silver-bullet/show-055/
Fri, 29 Oct 2010 19:03:29 +0000

On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory. Gary and Deb discuss the differences between being a professor and a researcher, whether a professional certification is better than an academic degree, and how a woman’s reasons for getting into the computer security field may differ from a man’s. They close out the episode by talking flowers.

Deborah Frincke on Twitter
Software [In]security: Technology Transfer, informIT
Pacific Northwest National Labs
University of Idaho Computer Science
University of Idaho Center for Secure & Dependable Systems
NSA National Centers of Academic Excellence
Orchidaceae
The Decades Science Fiction with Marc Donner
http://www.cigital.com/silver-bullet/show-054/
Mon, 27 Sep 2010 20:28:37 +0000

On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance. Gary and Marc discuss science-fiction books from the last decade, why Americans like to talk about cyberwarfare, and security issues and privacy concerns as related to Google Health initiatives. They finish up their discussion by talking about the Syrup Wars.

On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division. They discuss whether it’s better to look for known problems or anomalies when performing network security monitoring, how to explain security incidents to “business guys,” the notion of “building visibility in,” and the difference between working as an independent consultant in a very small shop and working in a large corporation.

TaoSecurity blog
Silver Bullet #19: Mikko Hyppönen
Silver Bullet #41: Fred Schneider
A Breakdown of Security Analysis with Paul Kocher
http://www.cigital.com/silver-bullet/show-052/
Wed, 21 Jul 2010 14:18:24 +0000

On the 52nd episode of The Silver Bullet Security Podcast, Gary chats with Paul Kocher, President and Chief Scientist of Cryptography Research. Gary and Paul discuss the first system that Paul ever broke, whether engineers and architects need to think like the “bad guys” or not, the decision to put content protection on Blu-Ray discs rather than the player, and whether P=NP.

Transcript of this episode [PDF]
Cryptography Research (Paul @ Cryptography Research)
How Crypto Won the DVD War
Macrovision to Acquire Blu-ray Disc Security Technology from Cryptography Research, Inc. (press release)
P versus NP problem
Startup versus Government Research with Anup Ghosh
http://www.cigital.com/silver-bullet/show-051/
Fri, 25 Jun 2010 17:29:09 +0000

On the 51st episode of The Silver Bullet Security Podcast, Gary talks with former co-worker Dr. Anup Ghosh. Anup has authored three books on e-commerce security and over 40 peer-reviewed articles and is founder and chief scientist of Invincea. Gary and Anup discuss the difference between working in a startup and in government research, why antivirus doesn’t work against the ZeuS botnet and what businesses should do to protect themselves, and the relevance of the desktop in the future of computing. They close out with a discussion about Anup’s favorite newspapers and recent books.

Duration: 0:33:07
Invincea
Anup’s books on Amazon
Advanced Technology Program
ZeuS botnet summary
Why Patching Isn’t Enough
Lacking Defense in Cyber War with Richard Clarke
http://www.cigital.com/silver-bullet/show-050/
Tue, 01 Jun 2010 19:01:02 +0000

On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. Gary and Dick discuss what needs to change in order for the United States to focus more attention on defense against cyber war (as opposed to offense). They also discuss the importance of software security in preventing cyber crime and cyber war, network scanning as a part of Dick’s “Defensive Triad,” and balancing cybersecurity against individual liberty. We also uncover whether being a guest on Silver Bullet is more stressful than being on The Colbert Report.

This special edition of Silver Bullet was also captured on video. View the video below (for those on feed readers, go to this episode’s page for the video):

Duration: 0:33:42
Transcript of this episode [PDF]
9/11 Commission Report
What if the smart grid has stupid security?
Select TV appearances: The Daily Show (2008) / The Colbert Report (2007) / The Colbert Report (2005) / 60 Minutes (2004)
Imitating the Attacker’s Perspective with Ivan Arce
http://www.cigital.com/silver-bullet/show-049/
Fri, 30 Apr 2010 14:01:32 +0000

On the 49th episode of The Silver Bullet Security Podcast, Gary talks with Ivan Arce, co-founder and CTO of Core Security Technologies. Gary and Ivan discuss whether teaching builders to think like attackers is worthwhile, how living in Argentina both helps and hinders a career in computer security, the current state of embedded systems attacks, and Ivan’s ongoing disagreement with Microsoft about Virtual PC vulnerabilities. They close things out with a discussion of science fiction books and whether scotch trumps bourbon.

Duration: 0:36:47
Core Security Technologies
Attack Points blog (CSO Online)
Ivan on the Core Security Technologies’ blog
Security vulnerability in Microsoft’s Virtual PC
Assume Nothing: Is Microsoft Forgetting a Crucial Security Lesson?
SiSU manifest of document filetypes and metadata
Changes in Security Compliance with Andrew Jaquith
http://www.cigital.com/silver-bullet/show-048/
Thu, 25 Mar 2010 15:29:08 +0000

On the 48th episode of The Silver Bullet Security Podcast, Gary interviews Andrew Jaquith, senior analyst at Forrester. Gary and Andy discuss how security has become overrun by compliance in the biggest change to corporate security in 15 years, the battle between social networking technology use in the workplace (think Twitter, Facebook, AIM…) and security, security metrics (or lack of such), and Andy’s latest musical find.

On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett. Greg is the Allen B. Cutting Professor of Computer Science and Associate Dean for Computer Science and Engineering in the School of Engineering and Applied Sciences at Harvard University. Gary and Greg discuss the relationship between security and programming languages, why the choice of a good programming language (and/or VM) is more important than code review, sensor networks and security, information control, and Gary and Greg’s most embarrassing moment from adolescence.

Duration: 0:29:00
Transcript of this episode [PDF]
Greg Morrisett
The Center for Research on Computation and Society
Ynot
RoboBees
GoNative
A Look Inside Infowar with David Rice
http://www.cigital.com/silver-bullet/show-046/
Wed, 27 Jan 2010 16:35:22 +0000

On the bonus-length 46th episode of The Silver Bullet Security Podcast, Gary talks with David Rice, Executive Director of the Monterey Group and author of Geekonomics: The Real Cost of Insecure Software. Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit. They close out by discussing unusual yoga positions.

Duration: 0:36:06
Monterey Group
Silver Bullet #41 – Fred Schneider
Silver Bullet #11 – Dorothy Denning
Software Security Comes of Age (InformIT) – on the growth of the software security space
Google Defends Against Large Scale Chinese Cyber Attack
SANS WhatWorks in Application Security Summit 2010
BSIMM
The Common Disregard for Privacy with Lorrie Cranor
http://www.cigital.com/silver-bullet/show-045/
Fri, 18 Dec 2009 15:33:06 +0000

On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University. Gary and Lorrie discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues. They close out the discussion by talking about women in computing.

Duration: 0:26:51
Lorrie Cranor
Security and Usability: Designing Secure Systems That People Can Use
Web Privacy with P3P
CyLab Usable Privacy and Security Laboratory (CUPS)
A “Nutrition Label” for Privacy
Google search privacy video
The History of Network Security with Steve Kent
http://www.cigital.com/silver-bullet/show-044/
Wed, 25 Nov 2009 21:55:05 +0000

On the 44th episode of The Silver Bullet Security Podcast, Gary talks with Steve Kent, Chief Scientist – Information Security, for BBN Technologies, a division of Raytheon. Gary and Steve discuss the history of network security, secure transport and base Internet protocols, the role of politics in the adoption of security on the Internet, applied cryptography, and whether security and individual liberty co-exist. They finish by discussing extremely high end wine.

Duration: 0:32:29
Internet’s Biggest Security Hole
Securing the Border Gateway Protocol (PPT)
2006: Statement before Congress regarding a nationwide ID system
The Hype behind Cloud Security with Chris Hoff
http://www.cigital.com/silver-bullet/show-043/
Wed, 21 Oct 2009 21:20:16 +0000

On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco. Hoff is well known for his colorful blog posts and presentations on cloud security and other complex security issues. Suffice it to say, the cloud was a big topic for this issue. And rum.

Duration: 0:31:56
Transcript of this episode [PDF]
Rational Survivability
The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable
Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure
Mount Gay Extra Old Rum (Gary’s favorite)
Ron Zacapa Centenario Rum (Hoff’s favorite)
Informatics and Health Security with Gillian Hayes
http://www.cigital.com/silver-bullet/show-042/
Fri, 25 Sep 2009 18:31:20 +0000

On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine. Gary and Gillian discuss how much people really need to know about security going on behind the scenes, how usability affects health records security, whether or not surveillance changes how 20-somethings act in public (including on the net), and how having more women technologists positively impacts the humanization of technology.

Duration: 0:30:51
Transcript of this episode [PDF]
Gillian Hayes
Social and technological action research (STAR)
Ben Shneiderman
National Center for Women and Information Technology
The Discovery of Heaven
Security vs. Reliability with Fred Schneider
http://www.cigital.com/silver-bullet/show-041/
Fri, 21 Aug 2009 18:10:20 +0000

On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace. On the show, Gary and Fred discuss the relationship between security and reliability, diversity as a security mechanism, and the continuum of attack categories from configuration problems, to bugs, to flaws, to trust issues. Fred briefly discusses Pointillism at the end of the show.

Duration: 0:31:51
Transcript of this episode [PDF]
Fred B. Schneider
IEEE Security and Privacy 7, 1 (January/February 2009) [PDF], 14–17. With Ken Birman.
Trust in Cyberspace
Pointillism (Seurat)
Comparing Security Models with Bob Blakley
http://www.cigital.com/silver-bullet/show-040/
Fri, 17 Jul 2009 14:06:47 +0000

For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group’s Identity and Privacy Strategies. Gary and Bob discuss the importance of liberal arts degrees, the (over) complications of CORBA security, whether computer security requires a complete shift in approach, cybersecurity and governments, and the movie Perils in Nude Modeling (really).

For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration’s “cyber coordinator” plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security. Matt’s musical tastes are also briefly touched on.

Duration: 0:32:36
Matt Blaze
Matt Blaze – Wikipedia
Matt Blaze’s Exhaustive Search – Matt’s blog
Safecracking, Secrecy and Science
Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks – IEEE Security & Privacy, March/April 2003
RSA panel on Surveillance
Silver Bullet 11: Dorothy Denning
Trust Management
Signaling Vulnerabilities in Wiretapping Systems – IEEE Security & Privacy, November/December 2005, by M. Sherr, E. Cronin, S. Clark and M. Blaze.
Eno/Byrne: Everything That Happens Will Happen Today
The Importance of In-Situ Usability with Kay Connelly
http://www.cigital.com/silver-bullet/show-038/
Tue, 19 May 2009 21:33:17 +0000

For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the “presence clock” and the portal monitor), and Kay’s advice to women interested in pursuing a career in computer science.

Duration: 0:25:14
Kay Connelly
E.T.H.O.S. – Ethical Technology in the Homes of Seniors
Crafting a Smarter, Gentler Cell Phone – NPR story featuring Kay Connelly
Silver Bullet #7: John Stewart
Silver Bullet #15: Annie Antón
HIPAA
The Song Is You: A Novel by Arthur Phillips
I Was Told There’d Be Cake by Sloane Crosley
Changes and Immortality of Security with Virgil Gligor
http://www.cigital.com/silver-bullet/show-037/
Tue, 21 Apr 2009 18:56:51 +0000

On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security. They close out with a discussion of Virgil’s breakfast-eating habits.

Duration: 0:27:10
Transcript of this episode [PDF]
Virgil D. Gligor (@ Carnegie Mellon)
CyLab
Electrical and Computer Engineering at Carnegie Mellon University
Building a Secure Computer System
Foreign Intelligence Surveillance Act
Software Security Comes of Age
RSA panel to discuss surveillance, privacy concerns
Computer Security: Art and Science by Matt Bishop
Towards a Theory of Penetration-Resistant Systems and its Applications (1991)
The Birth of the BSIMM with Gary McGraw
http://www.cigital.com/silver-bullet/show-036/
Wed, 18 Mar 2009 20:40:27 +0000

We switch things up for this special third anniversary episode of Silver Bullet. This time around, Gary is the victim, being interviewed by James McGovern, Enterprise Architect for The Hartford Financial Services Group, Inc. and OWASP maven. Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use.

Duration: 0:34:34
Transcript of this episode [PDF]
Enterprise Architecture: From Incite comes Insight… – James McGovern’s blog
Gary McGraw’s site
Software Security: Building Security In
Building Security In Maturity Model (BSIMM)
Gartner releases paper on Static Analysis – James’ blog entry on Gartner
Computer Security within Daemon with Daniel Suarez
http://www.cigital.com/silver-bullet/show-035/
Mon, 23 Feb 2009 20:50:17 +0000

On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare a war on all of humanity. They talk about Daniel’s new book and the movie options attached to it, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the current state of AI, and the follow-up to Daemon, Freedom TM.

Duration: 0:25:16
Daemon
Daniel on Last call with Carson Daly
Al-Qaeda in Second Life
Distraction by Bruce Sterling
Halting State by Charles Stross
Bot-Mediated Reality at the Long Now Foundation
Wired for War by P.W. Singer
Show 034 – An Interview with Bill Brenner
http://www.cigital.com/silver-bullet/show-034/
Wed, 14 Jan 2009 19:05:39 +0000

On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine. Gary and Bill discuss how delivering the security message changes based on the audience (executives versus geeks and CSOs versus CIOs), the much-exaggerated death of print media, and balancing headline-grabbing sensationalism with solid security business coverage. They close out their interview with a discussion of Bill’s favorite period of history.

Note: The Reality Check Podcast is no longer available.

We’re happy to announce the debut of The Reality Check Security Podcast with Gary McGraw:

The Reality Check Podcast with Gary McGraw focuses directly on software security practitioners and practical software security. Reality Check’s sister podcast, the Silver Bullet Security Podcast with Gary McGraw, follows a free-form interview style tailored to highlight the ideas and experience of security gurus. By contrast, Reality Check is concerned with practical questions centered on running large-scale software security initiatives in the real world.

Reality Check targets experienced leaders working to solve software security problems in large organizations every day. We use a standard script to guide each conversation with questions about history, methodology, best practice, and measurement. We plan to interview leaders of mature software security programs and leaders of programs just getting started.

Duration: 0:00:51

Show 033 – An Interview with Laurie Williams
http://www.cigital.com/silver-bullet/show-033/
Mon, 22 Dec 2008 17:41:28 +0000

On the 33rd episode of The Silver Bullet Security Podcast, Gary talks with Laurie Williams, Associate Professor of Computer Science at North Carolina State University. Gary and Laurie discuss Laurie’s nine years at IBM, Agile’s adoption in the commercial space, XP and software security, and what changes Laurie would make to the standard computer science curriculum to better prepare students.

On the 31st episode of The Silver Bullet Security Podcast, Gary talks with Matt Bishop, professor of Computer Science at UC Davis and author of the book Computer Security: Art and Science as well as many peer-reviewed papers. Gary and Matt discuss Matt’s plan to work security analysis and secure coding into a wider computer science curriculum, Matt’s early work with Mike Dilger on TOCTOU, whether or not progress is being made in the field of software security, and the role of training in large-scale software security initiatives. Their chat closes with a mention of Matt’s home menagerie (which does not include any one-legged chickens at this time).

On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates. Ken was the first employee of CERT and has been an active member of FIRST. Ken and Gary discuss why the discipline of computer science doesn’t learn from failure like mechanical engineering does, how we’re making steps backwards in computer security, whether focusing on web applications is a good or bad thing for software security, and Ken’s recommendation for moderately-priced red wines.

Duration: 0:21:48
Ken’s personal page
KRvW Associates
CERT
FIRST
Secure Coding
Incident Response
SC-L mailing list
From the foreword to Secure Programming with Static Analysis – blog entry with photo of Tacoma Narrows Bridge
TJX’s stock increase since the January 2007 security breach
The Addison-Wesley Software Security Series
Barbera D’Asti wines

Show 029 – An Interview with Dennis Fisher
http://www.cigital.com/silver-bullet/show-029/
Mon, 18 Aug 2008 15:05:01 +0000

On the 29th episode of The Silver Bullet Security Podcast, Gary talks with Dennis Fisher, executive editor of The Security Media Group at TechTarget. Dennis helps run SearchSecurity.com and Information Security Magazine. Gary and Dennis discuss the current “BS factor” in security journalism, shopping at TJ Maxx right after the TJX privacy breach, the state of software security, and which is harder: being a fry cook at Hardees or working as a PR flack.

Duration: 0:23:50
Dennis’ blog
TJX
Software Security Grows
Dennis’ un-named podcast
Series of Tubes
Hardees

Show 028 – An Interview with Bill Cheswick
http://www.cigital.com/silver-bullet/show-028/
Tue, 15 Jul 2008 19:30:25 +0000

On the 28th episode of The Silver Bullet Security Podcast, Gary interviews Bill Cheswick, a lead member of technical staff at AT&T Research and all around security guru. Bill has been working in computer security for over 35 years. He coined the term “proxy” in 1990 with reference to firewalls, and co-authored the book Firewalls and Internet Security which was used to train an entire generation of sys admins. Gary and Bill discuss whether we’re winning or losing the computer security war, how security threats have evolved from pimply-faced teenagers to organized crime, whether we should move security into “the cloud,” and whether re-naming “Christmas lights” to “solstice lights” would bypass NJ holiday decoration ordinances.

Duration: 0:23:59
Bill Cheswick
AT&T Research
Lumeta
FWIS
“The Design of a Secure Internet Gateway” (Usenix 1990, coining of “proxy”)
The Apache web server
Turtles all the Way Down
Ed Amoroso’s Silver Bullet Podcast (use blink test to compare)

Show 027 – An Interview with Gunnar Peterson
http://www.cigital.com/silver-bullet/show-027/
Wed, 18 Jun 2008 13:30:44 +0000

On the 27th episode of The Silver Bullet Security Podcast, Gary interviews software security expert Gunnar Peterson, a Managing Principal at Arctec Group. Gary and Gunnar begin with the age-old question, “What is security?” They go on to discuss how Web 2.0 and SOA security is progressing, the big idea behind “federated identity,” whether all market verticals can follow the software security lead of the financial services industry, and the inherent badness of the color purple.

The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam’s current work, and the main ideas behind Adam’s new book The New School of Information Security. They go on to chat about Adam’s aversion to the term “best practices,” the role IEEE Security & Privacy magazine plays in bringing the science of security to a practical level, and whether the biggest problem of the CardSystems breach was following the letter, rather than the spirit, of PCI. Also on the agenda: duck-billed platypuses, Kandinsky, and books by Pynchon.

(Beginning with this episode, Silver Bullet will be available as a 192k MP3.)

Duration: 0:30:12
Transcript of this episode [PDF]
Emergent Chaos blog
The New School of Information Security
Microsoft’s SDL
Cigital’s Touchpoints
IEEE Security & Privacy magazine
Wassily Kandinsky
The CardSystems breach (2005)
Thomas Pynchon

Show 025 – An Interview with Jon Swartz
http://www.cigital.com/silver-bullet/show-025/
Fri, 18 Apr 2008 20:58:21 +0000

Jon Swartz, USA Today‘s award-winning technology reporter and Pulitzer Prize nominee, is Gary’s guest on the 25th episode of The Silver Bullet Security Podcast. They discuss Jon’s new book, Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, and the research that went into writing it. Gary and Jon also cover how cybercrime is driven by capitalist principles, why the general public’s attitude is so lax about software security, and how, even though it’s hard to get an accurate count of identity theft instances, they tend to show a sharp upward trend. Jon ends the episode by disclosing his secret dream career.

Duration: 0:27:49
(Apologies for the below-average sound quality on this episode.)
Transcript of this episode [PDF]
Zero Day Threat
Jon’s USA Today articles

Background Behind a CSO with Mary Ann Davidson
http://www.cigital.com/silver-bullet/show-024/
Fri, 14 Mar 2008 18:26:36 +0000

Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast. Gary and Mary Ann discuss how an MBA helps in the CSO role, Oracle’s “Unbreakable” campaign, why everyone needs training in secure coding, and how military history informs computer security. They also talk about how a young CSO-to-be got her first library card.

On the 23rd episode of The Silver Bullet Security Podcast, Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing. Chris was one of the seven original members of the L0pht hacker collective (operating under the hacker handle Weld Pond) and later went on to work for @stake. Gary and Chris reminisce about L0pht (and the warehouse full of stuff) and discuss the role of security researchers now versus in the mid-late ’90s. They also talk about the current state of the software security market and its continued growth.

Duration: 0:24:48
Chris’ Wikipedia entry
The Art of Software Security Testing
Veracode
Zero in a bit – Veracode’s blog
L0pht Heavy Industries
SOURCE: Boston 2008

Software Security Behind AT&T with Ed Amoroso
http://www.cigital.com/silver-bullet/show-022/
Wed, 23 Jan 2008 21:33:09 +0000

On the 22nd episode of The Silver Bullet Security Podcast, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T. They discuss how Peter Neumann influenced Ed, the difference between bugs and flaws and whether bugs are getting too much attention, the propensity for confusion around how security actually works, privacy, security, and monitoring, and software correctness/quality vs software security. They also discuss the Hugh Thompson show now airing on AT&T’s Tech Channel.

For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Cigital’s principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant) and Pravir Chandra (Principal Consultant). The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints. They also ponder how much the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent.

Duration: 0:23:35
Transcript of this episode [PDF]
Justice League blog
Threat Modeling – a blog entry by John Steven
OWASP Top 10 for 2007
OWASP
The Shmoo Group

Happy Holidays from Silver Bullet
http://www.cigital.com/silver-bullet/happy-holidays-from-silver-bullet/
Fri, 21 Dec 2007 17:07:55 +0000

Show 020 – An Interview with Markus Jakobsson
http://www.cigital.com/silver-bullet/show-020/
Fri, 16 Nov 2007 22:32:45 +0000

For the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, soon to be a researcher at PARC after a stint as an Associate Professor of Informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University. Gary and Markus discuss the difference between academic and corporate research, the idea of “perfect privacy,” moving from hardcore cryptography to sociology, how reality is mimicking phishers, and how cartoons can be used to teach security. In addition, Markus mentions the best place in Southeast Asia to get a haircut.

Duration: 0:24:29
Markus @ Wikipedia – he’s “orphaned”!
RavenWhite
Crimeware

The Legitimacy of Mobile Viruses with Mikko Hyppönen
http://www.cigital.com/silver-bullet/show-019/
Thu, 18 Oct 2007 15:21:38 +0000

For the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure. During this show, Gary and Mikko discuss Helsinki and Finnish pronunciation, whether mobile viruses are all hype or a legitimate threat, if the iPhone as a closed system is good or bad for security, and Mikko’s prediction for the appearance of the first mobile botnet. They also chat about Finnish hip-hop.

Duration: 0:22:11
Transcript of this episode [PDF]
Mikko Hyppönen
Mikko Hyppönen – Wikipedia
F-Secure
Mobile Malware – Mikko’s USENIX 2007 talk, both audio and video (scroll down a bit)
Xevious
The FSMCs

The Importance of Software Testing with Eugene Spafford
http://www.cigital.com/silver-bullet/show-018/
Tue, 25 Sep 2007 21:04:22 +0000

On the 18th episode of The Silver Bullet Security Podcast, Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.

Duration: 0:28:08
Transcript of this episode [PDF]
Dr. Eugene Spafford
Spaf’s blog at CERIAS
Gene Spafford – Wikipedia
CERIAS – Center for Education and Research in Information Assurance and Security
PITAC – President’s Information Technology Advisory Committee
What did you really expect? – Spaf’s post on “reformed hackers”
The Internet Worm Program: An Analysis
Yucks Digest

The ROI of Computer Security with Eric Cole
http://www.cigital.com/silver-bullet/show-017/
Fri, 24 Aug 2007 20:19:43 +0000

On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demonstrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training make for good network security practitioners. They also discuss the difficulty of certifying software developers.

Duration: 0:29:23
Secure Anchor
Security Haven
Stego-marking packets to control information leakage on TCP/IP based networks – Eric’s dissertation

Understanding Exploits with Greg Hoglund
http://www.cigital.com/silver-bullet/show-016/
Thu, 12 Jul 2007 22:38:30 +0000

On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, is CEO of HB Gary, and co-authored Rootkits: Subverting the Windows Kernel and Exploiting Software. In addition to shameless self-promotion of their new book, Exploiting Online Games, Gary and Greg discuss the natural tendency of certain types of code to allow exploits, how disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the “good guys.” Greg also makes us concerned that his 11-year-old daughter may 0wn our box.

Duration: 0:24:03
HB Gary
Exploiting Online Games
AWL Software Security Series

Digital Privacy Defined with Annie Antón
http://www.cigital.com/silver-bullet/show-015/
Tue, 19 Jun 2007 14:12:30 +0000

On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, Associate Professor of Software Engineering at North Carolina State University and director of theprivacyplace.org. During their discussion, Annie and Gary focus on privacy. They start with an attempt to define what “privacy” is in the digital world, moving on to Annie’s work with The Privacy Place. Annie also discusses airlines’ pretty much pitiful privacy policies, the impact that a Google/Doubleclick deal would have on consumer privacy, crazy talk in EULAs, and the book Letters to a Young Catholic (which has nothing to do with privacy).

Duration: 0:25:16
A partial transcript of the interview in IEEE Security & Privacy
Annie I. Antón
The Privacy Place
The ChoicePoint Data Security Breach

Computer Security since the 1960’s with Peter Neumann
http://www.cigital.com/silver-bullet/show-014/
Tue, 22 May 2007 17:04:03 +0000

The 14th episode of The Silver Bullet Security Podcast features Peter Neumann, designer of the Multics OS file system, moderator of comp.RISKS, and Principal Scientist at the SRI Computer Science Laboratory. In this show, Gary and Peter discuss the most important changes in computer security since the 1960s, the discipline involved in early Multics engineering (“nobody writes a line of code without the approving authorities [having] read and understood the specification”), why DRM is the “wrong solution to the wrong problem,” and who was more interesting to meet: Albert Einstein or Norah Jones.

Duration: 0:20:59
Peter Neumann
comp.RISKS
Computer-Related Risks
Multics
A General-Purpose File System For Secondary Storage – Peter’s 1965 paper on Multics
Multics History Project
The Brooklyn Boogaloo Blowout

Security Engineering Described with Ross Anderson
http://www.cigital.com/silver-bullet/show-013/
Fri, 13 Apr 2007 20:33:21 +0000

On the 13th episode of The Silver Bullet Security Podcast, Gary chats with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Gary and Ross discuss the effect of posting his excellent book on the net for free, the simple reasons why most systems fail, the economic imbalance between engineers/developers and a system’s users (with respect to who should address security), and why publicly describing attacks is essential to security engineering. They close out by examining the security implications of wearing a kilt.

Duration: 0:22:50
Transcript of this episode [PDF]
Ross Anderson
Light Blue Touchpaper – A security blog by Cambridge computer scientists.
Security Engineering – Ross’ groundbreaking book in print and online
WEIS 2007 – Sixth Workshop on the Economics of Information Security
RFID and the Middleman [PDF]
The Clan Anderson Society
Ross playing the bagpipes
From Ruralism to Computer Security with Becky Bace – http://www.cigital.com/silver-bullet/show-012/
Published: Tue, 13 Mar 2007 21:13:02 +0000

On the 12th episode of The Silver Bullet Security Podcast, Gary talks with Becky Bace, advisor to the venture capital firm Trident Capital. Becky spent twelve years at the NSA working on intrusion detection and cryptography from 1984 until 1996, followed by a stint at Los Alamos National Laboratory. Gary and Becky discuss growing up in rural America, explosives, and Becky’s Jimmy Hoffa-sponsored college funding situation. They also talk about the evolution of security curricula in academia, the rampant commercialization of computer security, Becky’s involvement in tracking down the notorious Kevin Mitnick, Vicodin-induced creativity, and eclectic music.

Duration: 0:23:39
Transcript of this episode [PDF]
Who’s Who in Infosec: Rebecca Bace
Trident Capital – The VC firm where Becky is an advisor
Los Alamos National Labs
Intrusion Detection
A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness – Co-authored with Fred Smith
Executive Women’s Forum
Frank Sinatra
The Kinsey Sicks
Teaching Computer Security with Dorothy Denning – http://www.cigital.com/silver-bullet/show-011/
Published: Thu, 15 Feb 2007 22:07:35 +0000

On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothy’s involvement in the Clipper Chip controversy (which earned Dorothy the moniker “clipper chick”), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers.

Duration: 0:22:22
Transcript of this episode [PDF]
Wikipedia: Dorothy Denning
Clipper Chip (More)
Clipper Chick – a 1996 Wired article about the Clipper Chip controversy.
The Future of Cryptography
Location-Based Authentication: Grounding Cyberspace for Better Security – A 1996 paper by Dorothy Denning and Peter F. MacDoran about geo-encryption.
Big Sur Power Walk